4755 vauth_file_owner(vauth_ctx vcp)
4759 	if (vcp->flags_valid & _VAC_IS_OWNER) {
4760 		result = (vcp->flags & _VAC_IS_OWNER) ? 1 : 0;
4762 		result = vauth_node_owner(vcp->vap, vcp->ctx->vc_ucred);
4765 		vcp->flags_valid |= _VAC_IS_OWNER;
4767 			vcp->flags |= _VAC_IS_OWNER;
4769 			vcp->flags &= ~_VAC_IS_OWNER;
4776 vauth_file_ingroup(vauth_ctx vcp, int *ismember)
4780 	if (vcp->flags_valid & _VAC_IN_GROUP) {
4781 		*ismember = (vcp->flags & _VAC_IN_GROUP) ? 1 : 0;
4784 		error = vauth_node_group(vcp->vap, vcp->ctx->vc_ucred, ismember);
4788 			vcp->flags_valid |= _VAC_IN_GROUP;
4790 				vcp->flags |= _VAC_IN_GROUP;
4792 				vcp->flags &= ~_VAC_IN_GROUP;
4801 vauth_dir_owner(vauth_ctx vcp)
4805 	if (vcp->flags_valid & _VAC_IS_DIR_OWNER) {
4806 		result = (vcp->flags & _VAC_IS_DIR_OWNER) ? 1 : 0;
4808 		result = vauth_node_owner(vcp->dvap, vcp->ctx->vc_ucred);
4811 		vcp->flags_valid |= _VAC_IS_DIR_OWNER;
4813 			vcp->flags |= _VAC_IS_DIR_OWNER;
4815 			vcp->flags &= ~_VAC_IS_DIR_OWNER;
4822 vauth_dir_ingroup(vauth_ctx vcp, int *ismember)
4826 	if (vcp->flags_valid & _VAC_IN_DIR_GROUP) {
4827 		*ismember = (vcp->flags & _VAC_IN_DIR_GROUP) ? 1 : 0;
4830 		error = vauth_node_group(vcp->dvap, vcp->ctx->vc_ucred, ismember);
4834 			vcp->flags_valid |= _VAC_IN_DIR_GROUP;
4836 				vcp->flags |= _VAC_IN_DIR_GROUP;
4838 				vcp->flags &= ~_VAC_IN_DIR_GROUP;
4850 vnode_authorize_posix(vauth_ctx vcp, int action, int on_dir)
4863 		vap = vcp->dvap;
4865 		vap = vcp->vap;
4918 	if ((on_dir && vauth_dir_owner(vcp)) ||
4919 	    (!on_dir && vauth_file_owner(vcp))) {
4940 		error = vauth_dir_ingroup(vcp, &ismember);
4942 		error = vauth_file_ingroup(vcp, &ismember);
4962 	    vcp->vp, (error == 0) ? "ALLOWED" : "DENIED", where,
4976 	    kauth_cred_getuid(vcp->ctx->vc_ucred),
4977 	    on_dir ? vcp->dvap->va_uid : vcp->vap->va_uid,
4978 	    on_dir ? vcp->dvap->va_gid : vcp->vap->va_gid);
5001 vnode_authorize_delete(vauth_ctx vcp, boolean_t cached_delete_child);
5003 vnode_authorize_delete(vauth_ctx vcp, boolean_t cached_delete_child)
5005 	struct vnode_attr	*vap = vcp->vap;
5006 	struct vnode_attr	*dvap = vcp->dvap;
5007 	kauth_cred_t		cred = vcp->ctx->vc_ucred;
5018 		if (vauth_dir_owner(vcp))
5020 		if ((error = vauth_dir_ingroup(vcp, &ismember)) != 0)
5032 			KAUTH_DEBUG("%p    ERROR during ACL processing - %d", vcp->vp, error);
5038 			KAUTH_DEBUG("%p    ALLOWED - granted by directory ACL", vcp->vp);
5050 		if (vauth_file_owner(vcp))
5052 		if ((error = vauth_file_ingroup(vcp, &ismember)) != 0)
5062 			KAUTH_DEBUG("%p    ERROR during ACL processing - %d", vcp->vp, error);
5068 			KAUTH_DEBUG("%p    ALLOWED - granted by file ACL", vcp->vp);
5075 		KAUTH_DEBUG("%p    ALLOWED - denied by ACL", vcp->vp);
5085 	if (!cached_delete_child && (dvap->va_mode & S_ISTXT) && !vauth_file_owner(vcp) && !vauth_dir_owner(vcp)) {
5087 		    vcp->vp, cred->cr_uid, vap->va_uid, dvap->va_uid);
5092 	if (!cached_delete_child && (error = vnode_authorize_posix(vcp, VWRITE, 1 /* on_dir */)) != 0) {
5093 		KAUTH_DEBUG("%p    ALLOWED - granted by posix permisssions", vcp->vp);
5106 vnode_authorize_simple(vauth_ctx vcp, kauth_ace_rights_t acl_rights, kauth_ace_rights_t preauth_rights, boolean_t *found_deny)
5108 	struct vnode_attr	*vap = vcp->vap;
5109 	kauth_cred_t		cred = vcp->ctx->vc_ucred;
5119 	if (vauth_file_owner(vcp))
5135 		KAUTH_DEBUG("%p    ALLOWED - implicit or no rights required", vcp->vp);
5145 		if (vauth_file_owner(vcp))
5147 		if ((error = vauth_file_ingroup(vcp, &ismember)) != 0)
5157 			KAUTH_DEBUG("%p    ERROR during ACL processing - %d", vcp->vp, error);
5162 			KAUTH_DEBUG("%p    DENIED - by ACL", vcp->vp);
5166 			KAUTH_DEBUG("%p    ALLOWED - all rights granted by ACL", vcp->vp);
5185 	if (vauth_file_owner(vcp))
5189 		KAUTH_DEBUG("%p    ALLOWED - rights already authorized", vcp->vp);
5200 		KAUTH_DEBUG("%p    DENIED - CHANGE_OWNER not permitted", vcp->vp);
5204 		KAUTH_DEBUG("%p    DENIED - WRITE_SECURITY not permitted", vcp->vp);
5234 		return(vnode_authorize_posix(vcp, posix_action, 0 /* !on_dir */));
5237 		    vcp->vp,
5239 		    ? vnode_isdir(vcp->vp) ? " LIST_DIRECTORY" : " READ_DATA" : "",
5241 		    ? vnode_isdir(vcp->vp) ? " ADD_FILE" : " WRITE_DATA" : "",
5243 		    ? vnode_isdir(vcp->vp) ? " SEARCH" : " EXECUTE" : "",
5247 		    ? vnode_isdir(vcp->vp) ? " ADD_SUBDIRECTORY" : " APPEND_DATA" : "",
5481 	vauth_ctx		vcp;
5494 	vcp = &auth_context;
5495 	ctx = vcp->ctx = (vfs_context_t)arg0;
5496 	vp = vcp->vp = (vnode_t)arg1;
5497 	dvp = vcp->dvp = (vnode_t)arg2;
5506 	vcp->vap = &va;
5508 	vcp->dvap = &dva;
5510 	vcp->flags = vcp->flags_valid = 0;
5637 		vcp->vp = vp = vp->v_parent;
5679 		    ((result = vnode_authorize_delete(vcp, parent_authorized_for_delete_child)) != 0))
5684 		    (result = vnode_authorize_simple(vcp, rights, rights & KAUTH_VNODE_DELETE, &found_deny)) != 0)

Indexes created Sat Jul 13 22:46:07 MDT 2024